Apple’s iOS 16.1.1 has just launched, but the next software version iOS 16.2 is at beta stage. And judging from the release notes, iOS 16.2 will come with a bunch of cool new features.
Among these, iOS 16.2 could see a new feature called Rapid Security Response in action, which is a way for the iPhone maker to apply security updates to your phone on the fly.
It was first announced with iOS 16 at Apple’s Fall event and not made immediately available. But according to reports, Apple has just tested Rapid Security Response in the iOS 16.2 beta.
The iPhone maker describes Rapid Security Response on its support page:
“In a future update to iOS 16, iPadOS 16.1, and macOS 13, Apple will add a mechanism for shipping security fixes to users more frequently. These responses are included in any ensuing minor update (not upgrade) and, on a Mac, update content appears on the Preboot volume (through symbolic links in /System/Cryptexes/).
“Rapid Security Responses don’t adhere to the managed software update delay; however, because they apply only to the latest minor operating system version, if that minor operating system update is delayed, the response is also effectively delayed.”
Apple says Rapid Security Responses that involve the operating system require the device to restart. Meanwhile, Rapid Security Responses that involve Safari require the user to quit the app.
Why automatic updates aren’t as good as they seem
Rapid security updates can’t come soon enough. As I’ve mentioned before, Apple’s automatic security updates aren’t very quick in arriving to iPhones. In fact, despite having automatic updates turned on, many iPhone users are left waiting days or weeks until after new iOS versions are released. This means the only way to ensure serious security holes are fixed is by manually applying iOS updates.
Apple devices are increasingly being targeted by adversaries, with multiple security holes fixed this year that were already being used in attacks. Some of these attacks are pretty serious, and can allow an adversary to gain control of your device.
Apple has explained why automatic updates aren’t applied straight away to all iPhones. As I wrote previously, Apple likes to wait for any bugs to be sorted out before pushing iOS updates to all devices. Also, by ensuring everyone isn’t updating their iPhones at once, it avoids overloading Apple’s servers each time an iOS upgrade is issued.
iOS 16.2—a massive security boost (hopefully)
When iOS 16.2 launches, Rapid Security Response should be a massive boost to iPhone security. If it works, it requires virtually no interaction for security holes to be fixed. And let’s be honest, lots of people don’t have automatic updates turned on.
Independent security researcher Sean Wright says the possible arrival of rapid response updates in iOS 16.2 is “great news.”
“We have recently seen several high-profile vulnerabilities in iOS, which have supposedly been exploited in the wild,” Wright says. “Having the means to quickly and easily patch these types of vulnerabilities will go a long way in helping owners of iOS devices. In addition, since they do not require a full OS update, they should be quicker to install.”
However, Apple needs to get Rapid Security Response right. “This might help with the updates, but if the deployment process/mechanism still isn’t ‘good and timely’, we will still have the same issues of deployment lag,” says security consultant Daniel Card.
He points out that Apple security information is often sparse and more details about how severe a vulnerability is and how easy it is to exploit would help security experts to work out the scale of a problem “without confusing people.”
When it arrives, Rapid Security Response should make things a lot easier. If it’s coming with iOS 16.2, it’s certainly a reason to ensure you apply it straight away.